6867 matches found
Symantec Security Advisory for Log4j Vulnerability
Summary Symantec products may be susceptible to a flaw in the Apache Log4j 2 library JNDI lookup mechanism. A remote attacker, who can trigger Log4j to log crafted malicious strings, can execute arbitrary code on the target system. Affected Products The following products and product versions are...
Authentication Bypass in ASG and ProxySG
Summary The Symantec Advanced Secure Gateway ASG and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance...
Symantec Security Update
Symantec Endpoint Protection, Data Center Security and Cloud Workload Protection Security Update Summary Symantec - A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection Manager SEPM, Symantec Endpoint Protection SEP, Data Center...
OS Command Injection in Security Analytics
Summary The Symantec Security Analytics web UI is susceptible to an OS command injection vulnerability. A remote unauthenticated attacker, who has access to the Security Analytics web UI, can execute arbitrary OS commands on the target with elevated privileges. Affected Products The following...
OpenSSL Vulnerabilities Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to two vulnerabilities. A remote attacker may be able to cause denial of service through application crashes. An application may successfully validate an invalid X.509 certificate...
Apache Tomcat Vulnerabilities May 2020 - Mar 2021
Summary Symantec Network and Information Security NIS products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker may be able to execute arbitrary code on the target server, observe HTTP responses for other users' requests, obtain JSP source...
OpenSSL Vulnerabilities Sep 2020 - Feb 2021
Summary Symantec Network and Information Security NIS products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...
Linux Kernel CVE-2019-5108 Denial of Service Vulnerability
Description Linux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Versions prior to Linux kernel 5.3 are vulnerable. Technologies Affected Linux kernel 2.0.0 Linux kernel 2.0.1 Linux kernel 2.0.10 Linux kernel 2.0.11...
Privilege Escalation and Information Disclosure Vulnerabilities in SMG
Summary Symantec Messaging Gateway SMG is susceptible to privilege escalation and information disclosure vulnerabilities. A malicious, authenticated, privileged user can further elevate their privileges on the system, or obtain a password for a remote SCP backup server that they might not otherwi...
Symantec Endpoint Detection & Response Security Update
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Products Symantec Endpoint Detection & Response SEDR --- CVE | Affected Version | Remediation CVE-2020-12593 | Prior to 4.5...
SEDR Information Disclosure
Summary Symantec - A Division of Broadcom has released an update to address an issue that was discovered in the Symantec Endpoint Detection & Response SEDR product. Affected Product Symantec Endpoint Detection and Response SEDR --- CVE | Affected Versions | Remediation CVE-2020-5839 | Prior to 4....
Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of Apache HTTP Server may be susceptible to multiple vulnerabilities. A remote attacker can bypass security controls, modify the behavior of HTTP Server configuration, obtain information from the server process memory, perfo...
OpenSSL Vulnerabilities Sep 2019 – Apr 2020
Summary Symantec Web Security Group WSG products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A local or remote attacker can obtain private key or other secret key information. A remote attacker can also cause denial of service. Affected Products The followin...
IT Analytics XSS
Summary Symantec has released an update to address an issue that was discovered in the IT Analytics product. Affected Products IT Analytics --- CVE | Affected Versions | Remediation CVE-2020-5838 | Prior to 2.9.1 | Upgrade to 2.9.1 Issue Details CVE-2020-5838 --- Severity/CVSSv3: | Medium / 4.3...
Apache Tomcat Vulnerabilities Oct 2018 – Feb 2020
Summary Symantec SWG products using affected versions of Apache Tomcat may be susceptible to multiple vulnerabilities. A remote attacker can execute arbitrary code on the target host, hijack an authenticated Tomcat user's session, redirect a Tomcat user to an arbitrary URL, execute arbitrary...
Symantec Endpoint Protection Security Update
Summary Symantec, A Division of Broadcom has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP and Symantec Endpoint Protection Manager SEPM products. Affected Products Symantec Endpoint Protection Manager SEPM --- CVE | Affected Versions | Remediatio...
Nginx Vulnerabilities Jul 2017 - Oct 2019
Summary Symantec SWG products using affected versions of Nginx may be susceptible to multiple Nginx vulnerabilities. A remote attacker can use crafted requests to obtain sensitive information or cause denial of service. An attacker can also obtain sensitive information or cause denial of service ...
OpenSSH Vulnerabilities Jan-Oct 2019
Summary Symantec SWG products using affected versions of OpenSSH are susceptible to multiple vulnerabilities. A malicious SCP server or SCP man-in-the-middle MITM attacker can modify state on the SCP client host. A local attacker can cause denial of service through OpenSSH application crashes...
Session Hijacking Vulnerability in ProxySG and ASG
Summary The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Affected Products Advanced Secure...
CSRF Token Information Disclosure in MC
Summary The Management Center MC web UI is susceptible to a CSRF token disclosure vulnerability. A remote attacker, who has access to an authenticated MC user's web browser history or a network device that intercepts/logs traffic to MC, can obtain CSRF tokens and use them to perform CSRF attacks...
Data Center Security Privilege Escalation
Summary Symantec has released an update to address an issue that was discovered in the Data Center Security Manager component. Affected Products Data Center Security Manager Component --- CVE | Affected Versions | Remediation CVE-2020-5832 | Prior to 6.8.2 aka 6.8 MP2 | Upgrade 6.8.2 aka 6.8 MP2...
Symantec Endpoint Protection Multiple Issues
Summary Symantec has released updates to address issues that were discovered in the Symantec Endpoint Protection SEP, Symantec Endpoint Protection Manager SEPM, and Symantec Endpoint Protection Small Business Edition SEP SBE products. At this time, Symantec is not aware of any exploitations or...
Oracle Java SE/Java SE Embedded CVE-2020-2601 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over 'Kerberos' protocol. This issue affects the 'Security' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231, 11.0.5, 13.0....
Oracle Java SE/Java SE Embedded CVE-2020-2583 Remote Security Vulnerability
Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Serialization' component. This vulnerability affects the following supported versions: Java SE: 7u241, 8u231, 11.0.5,...
Microsoft Windows Common Log File System CVE-2020-0615 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versio...
Microsoft Windows CVE-2020-0635 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Microsoft Windows Search Indexer CVE-2020-0613 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows Search Indexer CVE-2020-0626 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Windows Search Indexer CVE-2020-0631 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Microsoft Excel CVE-2020-0651 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Oracle E-Business Suite CVE-2020-2591 Remote Security Vulnerability
Description Oracle E-Business Suite is prone to a remote security vulnerability in 'Oracle Web Applications Desktop Integrator' product. This vulnerability can be exploited over the 'HTTP' protocol. The 'Application Service' component is affected. This vulnerability affects the following supporte...
Oracle PeopleSoft Enterprise HCM Human Resources CVE-2020-2561 Remote Security Vulnerability
Description Oracle PeopleSoft Enterprise HCM Human Resources is prone to a remote security vulnerability. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Company Dir / Org Chart Viewer' component is affected. These vulnerabilities affect the following supported versions: 9.2...
Oracle MySQL Server cpujan2020 Multiple Security Vulnerabilities
Description Oracle MySQL Server is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over 'MySQL Protocol' protocol. The 'InnoDB', 'Server: Optimizer', 'Server: Options', and 'Server: Audit Plugin' components are affected. These vulnerabilities affect the followin...
Microsoft Windows Remote Desktop Protocol CVE-2020-0609 Remote Code Execution Vulnerability
Description Microsoft Windows Remote Desktop Protocol is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies...
Microsoft Windows Search Indexer CVE-2020-0630 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for...
Oracle Hyperion Financial Close Management CVE-2020-2563 Remote Security Vulnerability
Description Oracle Hyperion Financial Close Management is prone to a remote security vulnerability in 'Close Manager' component. The vulnerability can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 11.1.2.4 Technologies Affected Oracle Hyperion...
Microsoft Windows Subsystem for Linux CVE-2020-0636 Local Privilege Escalation Vulnerability
Description Microsoft Windows Subsystem for Linux is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1903 for 32-bit Systems Microsoft Windows 10 Version 1903 for ARM64-based...
Oracle FLEXCUBE Universal Banking cpujan2020 Multiple Security Vulnerabilities
Description Oracle FLEXCUBE Universal Banking is prone to multiple security vulnerabilities. These vulnerabilities can be exploited over the 'HTTP' protocol. The 'Infrastructure' component is affected. These vulnerabilities affect the following supported versions: 12.0.1 through 12.4.0, 14.0.0...
Oracle Solaris cpujan2020 Multiple Local Security Vulnerabilities
Description Oracle Solaris is prone to multiple local security vulnerabilities. These vulnerabilities affect the following supported versions: 11 Technologies Affected Oracle Solaris 11 Recommendations Permit local access for trusted individuals only. Where possible, use restricted environments a...
Oracle Database Server CVE-2020-2569 Local Security Vulnerability
Description Oracle Database Server is prone to a local security vulnerability that exists in Oracle Applications DBA. The vulnerability can be exploited over the 'Local Logon' protocol. For an exploit to succeed, the attacker must have 'Local Logon' privilege. This vulnerability affects the...
Oracle Financial Services Analytical Applications Infrastructure Remote Security Vulnerability
Description Oracle Financial Services Analytical Applications Infrastructure is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Object Migration' component is affected. This vulnerability affects the following supported versions: 8.0.4...
Microsoft Office CVE-2020-0652 Memory Corruption Vulnerability
Description Microsoft Office is prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Oracle Identity Manager CVE-2020-2729 Remote Security Vulnerability
Description Oracle Identity Manager is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Advanced Console' component is affected. This vulnerability affects the following supported versions: 11.1.2.3.0, 12.2.1.3.0 Technologies Affected...
Microsoft ASP.NET Core CVE-2020-0603 Remote Code Execution Vulnerability
Description Microsoft ASP.NET Core is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Adobe Experience Manager CVE-2019-16468 Information Disclosure Vulnerability
Description Adobe Experience Manager is prone to an information-disclosure vulnerability. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks. Adobe Experience Manager versions 6.3, 6.4 and 6.5 are vulnerable. Technologies Affected Adobe...
SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability
Description SAP NetWeaver Process Integration is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Microsoft Windows Common Log File System CVE-2020-0634 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Window...
Oracle Siebel CRM CVE-2020-2559 Remote Security Vulnerability
Description Oracle Siebel CRM is prone to a remote security vulnerability. This vulnerability affects the 'UIF Open UI' component and can be exploited over the 'HTTP' protocol. This vulnerability affects the following supported versions: 19.7 and prior Technologies Affected Oracle Siebel UI...
Oracle Enterprise Manager for Oracle Database cpujan2020 Multiple Remote Security Vulnerabilities
Description Oracle Enterprise Manager for Oracle Database is prone to multiple remote security vulnerabilities. These vulnerabilities can be exploited over HTTP protocol. The 'Change Manager - web based', 'Discovery Framework', 'Enterprise Config Management', and 'Target Management' components ar...
Oracle Hospitality Suites Management CVE-2020-2697 Local Security Vulnerability
Description Oracle Hospitality Suites Management is prone to a local security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'Request Tracker' package is affected. This vulnerability affects the following supported versions: 3.7, 3.8 Technologies Affected Oracle...